Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Malware Attack Crippled Production of Major U.S. Newspapers

A malware attack targeting Tribune Publishing Co. crippled the printing and deliveries of several major newspapers across the U.S. this weekend – including the Los Angeles Times and Wall Street Journal.

The virus impacted computer systems of Tribune Publishing Co., which publishes an array of major newspapers. These systems are shared by major newspapers including the Los Angeles Times and the San Diego Union Tribune. Also impacted were the Southern California versions of the Wall Street Journal and the New York Times, the Chicago Tribune, and the Baltimore Sun. The cyberattack prevented certain editions, pages (including the classified ads and death notices), or – in some cases- entire papers from being printed or delivered.

Tribune Publishing Co. publishes several newspapers across the U.S.

According to a letter from the publisher of the San Diego Union Tribune, the attack appeared to begin late Thursday night and by Friday spread to the Tribune Publishing’s network, injecting systems that are critical to news production and printing.

“Technology teams from both companies made significant progress against the threat, but were unable to clear all systems before press time,” according to the Union Tribune Editor and Publisher Jeff Light.

While further details about the attack have not been publicly released, according to several anonymous sources who spoke to the L.A. Times, the attack appeared to stem from Ryuk ransomware. In August the Ryuk ransomware family was first spotted by Check Point researchers, attacking targeted organizations worldwide. According to Check Point, Ryuk’s code has notable similarities to the Hermes ransomware, a malware commonly attributed to the North Korea-linked hacking group, Lazarus Group.

A Tribune Publishing spokesperson did not immediately respond to a request for comment. In a tweet, the company said that “a disruption to our print production systems caused delays in the delivery of some of our newspapers Saturday.”

A disruption to our print production systems caused delays in the delivery of some of our newspapers Saturday. We apologize to all of our readers for the inconvenience. https://t.co/KmVYE7FpNu

While production issues impacted papers across the U.S., papers printed by the Tribune Publishing Co. were back to normal production scheduling by Sunday.

“We apologize for the inconvenience and thank you for your patience as we actively work to resolve these issues and restore timely service to our customers,” the Los Angeles Times said in a statement. “The majority of Times subscribers should receive their paper sometime Saturday. For those who do not receive Saturday’s paper, you will receive it with the regularly scheduled delivery of the Sunday edition.”

It’s not the first cyberattack impacting newspapers – Earlier this month, a webpage owned by the Wall Street Journal was hacked in an attempt to promote YouTube celebrity “PewDiePie.”

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.